SNMP Trap Parsing

Started by CMelchior, September 23, 2020, 03:13:46 AM


CMelchior

Hello again. I'm a complete novice when it comes to scripting and parsing of SNMP traps. What I'm hoping to accomplish is to be able to take an incoming trap, identify the included severity and then post this trap to the associated node with the severity from the trap. Once the same alarm, from the same device is cleared I'd like to see that alarm cleared. I tried to follow some guidance from this post: https://www.netxms.org/forum/general-support/snmp-trap-configuration/
However, I'm still coming up short...

Alarm Trap
09.22.2020 18:47:41   10.24.43.40   Commscope ION-B   .1.3.6.1.4.1.331.1.2.1.1.3.1   .1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '2388'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.3.0 == '9618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '1'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.5.0 == '07 E4 09 16 17 1C 0B 00 2B 00 00 '; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.6.0 == '4'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.7.0 == '24'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX1 Optical power fail'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=8'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.10.0 == '0'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.11.0 == '.0.0'; .1.3.6.1.4.1.331.1.2.1.1.5.1.0 == '{0844730D-3F76-4C1E-9FC6-0F65BCDEF886}'; .1.3.6.1.4.1.331.1.2.1.1.1.7.0 == ''

Clearing Trap:
09.22.2020 18:47:56   10.24.43.40   Commscope ION-B   .1.3.6.1.4.1.331.1.2.1.1.3.1   .1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '2390'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.3.0 == '9618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '5'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.5.0 == '07 E4 09 16 17 1C 1C 00 2B 00 00 '; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.6.0 == '4'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.7.0 == '24'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX1 Optical power fail'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=8'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.10.0 == '0'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.11.0 == '.0.0'; .1.3.6.1.4.1.331.1.2.1.1.5.1.0 == '{0844730D-3F76-4C1E-9FC6-0F65BCDEF886}'; .1.3.6.1.4.1.331.1.2.1.1.1.7.0 == ''

I'm really concerned with these variables:
2   .1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; - System Name
3   .1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX1 Optical power fail'; - Additional Text
4   .1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=8'; - Alarm Equipment
5   .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '1'; - Severity: 1=critical; 2=major; 3=minor; 4=warning; 5=cleared; 6=information
6   .1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1618'; - Alarm ID
7   .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '1860'; - Alarm Trap Counter
8   .1.3.6.1.4.1.331.1.2.1.1.2.6.1.5.0 == '07 E4 09 16 10 0C 23 00 2B 00 00 '; - Date and time from system
9   .1.3.6.1.4.1.331.1.2.1.1.5.1.0 == '{0844730D-3F76-4C1E-9FC6-0F65BCDEF886}'; - UID just in case I need to identify hardware IDs

I thought I modified the script correctly but it's still not working:
if ($event->parameters[6] > 0)   // alarm trap counter is present
{
   switch($event->parameters[5])   // severity code carried by the trap
   {
      case 1:
         evt = "COMMSCOPE_CRITICAL";
         break;
      case 2:
         evt = "COMMSCOPE_MAJOR";
         break;
      case 3:
         evt = "COMMSCOPE_MINOR";
         break;
      case 4:
         evt = "COMMSCOPE_WARNING";
         break;
      case 5:
         evt = "COMMSCOPE_CLEAR";
         break;
      default:
         evt = "COMMSCOPE_INFO";
         break;
   }
   // Post the selected event to the node; the trap's message ($2) becomes the
   // generated event's first parameter (PostEvent takes node, event, tag, parameters...)
   PostEvent($node, evt, null, $2);
}
else
{
   PostEvent($node, "TRAP_CLOSE");
}


I attached some screen shots for reference. In Event Processing Policy I created two rules
1. CONDITIONS| EVENT = COMMSCOPE_RAW; ACTION check stop processing; ACTION|ALARM do not change alarms ACTION | SERVER ACTION = COMMSCOPE_Action Delay 0 Timer Key 1
2. CONDITIONS| EVENT = COMMSCOPE_CRITICAL, COMMSCOPE_MINOR, etc....; ACTION|ALARM create alarm; ACTION | SERVER ACTION = COMMSCOPE_Action Delay 0 Timer Key 1

I see the raw information posting in the event log, but I'm not seeing the alarms showing on the node itself. I appreciate all the help.

tolimanjo

I dealt with something similar recently, a single trap with a variable severity parameter. This is how I handled it (I'll frame it in terms of your trap name/parameters):

In the 'Transformation' section of the SNMP Trap configuration I convert the integer 'severity' to a string, and modify the event severity:

// Transformation script: map the trap's numeric severity code (parameters[5]) to a
// NetXMS event severity (4=Critical, 3=Major, 2=Minor, 1=Warning, 0=Normal) and
// store the text form of the severity in event parameter "4"
switch ($event->parameters[5])
{
   case "1":
      $event->setSeverity(4);
      SetEventParameter($event, "4", "critical");
      break;
   case "2":
      $event->setSeverity(3);
      SetEventParameter($event, "4", "major");
      break;
   case "3":
      $event->setSeverity(2);
      SetEventParameter($event, "4", "minor");
      break;
   case "4":
      $event->setSeverity(1);
      SetEventParameter($event, "4", "warning");
      break;
   case "5":
      $event->setSeverity(0);
      SetEventParameter($event, "4", "cleared");
      break;
   case "6":
      $event->setSeverity(0);
      SetEventParameter($event, "4", "information");
      break;
   default:
      // any other code: flag it as unknown rather than silently treating it as an alarm
      $event->setSeverity(5);
      SetEventParameter($event, "4", "unknown");
}
return;


The trap calls an event 'COMMSCOPE_ALERT' with Severity set to 'Normal', and the Message field set to something like 'Severity: %5, Reason: %3'.

I then have two Event Processing Policies:

Generate Commscope alarm
   Condition
      Events: COMMSCOPE_ALERT
      Severity Filter: all options ticked
   Filter Script
      // Adjust the severity of the current event to reflect the value passed from the trap
      // Drop events with severity != critical/major/minor/warning
      switch ($event->parameters[5])
      {
         case "critical":
            $event->setSeverity(4);
            return true;
         case "major":
            $event->setSeverity(3);   
            return true;
         case "minor":
            $event->setSeverity(2);   
            return true;
         case "warning":
            $event->setSeverity(1);
            return true;
         default:
            return false;
      }
   Action
      Alarm
         'Create new alarm'
         Message: %m
         Alarm key: %n:%N
         Alarm severity: From event
         
Terminate Commscope alarm
   Condition
      Events: COMMSCOPE_ALERT
      Severity Filter: only 'Normal' ticked
   Action
      Alarm
         'Terminate alarms'
         Terminate all alarms with key: %n:%N

Alarms should get created when a trap with critical/major/minor/warning severity arrives, and should get terminated when the same trap arrives with any other value.

And, of course, this is only one (and not necessarily the best) way of achieving this :)
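To make the create/terminate logic above easy to reason about offline, here is an added Python model (not NetXMS code, and not written by anyone in this thread). It parses the varbind dump format shown in the first post, applies the same severity-code table as the transformation script, and replays the two event processing rules against a small alarm table keyed the way %n:%N is (node name plus event name; the example approximates the node name with the sysName varbind). The OID constants, the event name and the third trap with a second Alarm ID are constructed for the example. It goes one step beyond the thread: a flag shows what happens to that key when two different faults from the same device overlap.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input, copied from the trap dumps in the thread (the date/time
# and UID varbinds are omitted for brevity); the second alarm trap is constructed
# here to show what the alarm key does when two faults on one device overlap.
RAW_ALARM_TRAP = (
    "09.22.2020 18:47:41   10.24.43.40   Commscope ION-B   .1.3.6.1.4.1.331.1.2.1.1.3.1   "
    ".1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '2388'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '1'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX1 Optical power fail'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=8'"
)
RAW_SECOND_ALARM_TRAP = (  # constructed: a different Alarm ID, severity major
    "09.22.2020 18:47:50   10.24.43.40   Commscope ION-B   .1.3.6.1.4.1.331.1.2.1.1.3.1   "
    ".1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '2389'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1619'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '2'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX2 Optical power fail'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=9'"
)
RAW_CLEAR_TRAP = (
    "09.22.2020 18:47:56   10.24.43.40   Commscope ION-B   .1.3.6.1.4.1.331.1.2.1.1.3.1   "
    ".1.3.6.1.2.1.1.5.0 == 'TEST_SYS'; .1.3.6.1.4.1.331.1.2.1.1.2.5.0 == '2390'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0 == '1618'; .1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0 == '5'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0 == 'RX1 Optical power fail'; "
    ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.9.0 == 'SR=1.LUNIT=8'"
)

# Names for the OIDs the first post identifies (the names are assumptions of this example)
OID_SYSNAME = ".1.3.6.1.2.1.1.5.0"
OID_ALARM_ID = ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.2.0"
OID_SEVERITY = ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.4.0"
OID_TEXT = ".1.3.6.1.4.1.331.1.2.1.1.2.6.1.8.0"
EVENT_NAME = "COMMSCOPE_ALERT"

# Trap severity code -> (text, NetXMS event severity), as in the transformation script:
# 4=Critical, 3=Major, 2=Minor, 1=Warning, 0=Normal; anything else is "unknown" (5)
SEVERITY_MAP = {"1": ("critical", 4), "2": ("major", 3), "3": ("minor", 2),
                "4": ("warning", 1), "5": ("cleared", 0), "6": ("information", 0)}
UNKNOWN = ("unknown", 5)

VARBIND_RE = re.compile(r"(\.[\d.]+) == '([^']*)'")


@dataclass
class Trap:
    timestamp: str
    source_ip: str
    source_name: str
    trap_oid: str
    varbinds: dict


def parse_trap_line(line):
    """Split one dump line (fields separated by three spaces) and its 'OID == value' varbinds."""
    timestamp, source_ip, source_name, trap_oid, rest = line.split("   ", 4)
    return Trap(timestamp, source_ip, source_name, trap_oid, dict(VARBIND_RE.findall(rest)))


def transform(trap):
    """Mirror of the trap transformation script: returns (severity text, NetXMS severity)."""
    return SEVERITY_MAP.get(trap.varbinds.get(OID_SEVERITY), UNKNOWN)


@dataclass
class AlarmTable:
    per_alarm_id: bool = False          # append the Alarm ID to the key (goes beyond the thread)
    alarms: dict = field(default_factory=dict)   # alarm key -> (severity, message)

    def process(self, trap):
        """Replay the two event processing rules for one trap; returns the action taken."""
        text, severity = transform(trap)
        node = trap.varbinds.get(OID_SYSNAME, trap.source_name)
        key = f"{node}:{EVENT_NAME}"    # what %n:%N expands to (node name : event name)
        if self.per_alarm_id:
            key += ":" + trap.varbinds.get(OID_ALARM_ID, "?")
        message = f"Severity: {text}, Reason: {trap.varbinds.get(OID_TEXT, '')}"
        if severity in (1, 2, 3, 4):    # rule 1: filter script returns true -> create alarm
            action = "updated" if key in self.alarms else "created"
            self.alarms[key] = (severity, message)
            return action
        if severity == 0:               # rule 2: severity filter 'Normal' -> terminate by key
            return "terminated" if self.alarms.pop(key, None) is not None else "no alarm to terminate"
        return "dropped"                # unknown code: neither rule matches


def run_demo(per_alarm_id=False):
    """Feed alarm, second alarm and clear traps through the table; return (actions, open keys)."""
    table = AlarmTable(per_alarm_id=per_alarm_id)
    lines = (RAW_ALARM_TRAP, RAW_SECOND_ALARM_TRAP, RAW_CLEAR_TRAP)
    actions = [table.process(parse_trap_line(line)) for line in lines]
    return actions, sorted(table.alarms)


if __name__ == "__main__":
    print("key %n:%N        ->", run_demo(False))
    print("key with alarm ID ->", run_demo(True))
```

With the key from the thread, the second fault overwrites the first alarm and the single clearing trap for Alarm ID 1618 terminates it, so the RX2 fault disappears from the alarm browser; adding the trap's Alarm ID parameter to the alarm key keeps the two alarms separate and only the cleared one is terminated. Whether that matters depends on whether a device can raise more than one alarm at a time, which the trap counter and Alarm ID in the dump suggest it can.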

CMelchior

I followed your write-up and it wasn't working for me. The clearing traps were being processed by the first event action; it seems like the filter script was not seeing the "critical, major, minor, warning" text as you originally had it. I needed to change it back to the numbers included in the trap. Seems like the transform script wasn't updating the field correctly or something. Either way, using your guidance, I got this to work with the settings in the pictures. This accomplished what I needed it to and I should be able to apply this same logic to other vendors.

Transform:
switch ($event->parameters[5])
{
case "1":
   $event->setSeverity(4);
   SetEventParameter($event, "4", "critical");
   break;
case "2":
   $event->setSeverity(3);
   SetEventParameter($event, "4", "major");
   break;
case "3":
   $event->setSeverity(2);
   SetEventParameter($event, "4", "minor");
   break;
case "4":
   $event->setSeverity(1);
   SetEventParameter($event, "4", "warning");
   break;
case "5":
   $event->setSeverity(0);
   SetEventParameter($event, "4", "cleared");
   break;
case "6":
   $event->setSeverity(0);
   SetEventParameter($event, "4", "information");
   break;
default:
   $event->setSeverity(5);
   SetEventParameter($event, "4", "unknown");
}
return;


Event Policy:
// Adjust the severity of the current event to reflect the value passed from the trap
// Drop events with severity != critical/major/minor/warning
switch ($event->parameters[5])
{
case "1":
   $event->setSeverity(4);
   return true;
case "2":
   $event->setSeverity(3);   
   return true;
case "3":
   $event->setSeverity(2);   
   return true;
case "4":
   $event->setSeverity(1);
   return true;
default:
   return false;
}